This invention relates to a security module into which a user may enter proprietary codes such as personal identification numbers (PINs).
People must commonly interface with computers and other processors in a proprietary manner to transact business, transfer proprietary information, log on to a network, and perform other proprietary activities. As a preliminary security measure, the user is typically required to enter a PIN. For example, with reference to monetary transactions, PINs commonly must be entered into a processor, via a keypad, to authorize the use of an automatic teller machine (ATM) card to withdraw cash from an ATM, or to authorize use of a credit card to purchase gasoline from a self-service gasoline dispenser or to purchase food and the like from a grocery store. In the foregoing examples, the user typically enters a PIN into a keypad operatively connected to a card reader or other input device which reads proprietary user information magnetically encoded onto the ATM card, credit card, or the like. The card reader and keypad are operatively connected for communicating the magnetically encoded information, along with the PIN, to a network of banks and credit card companies. To provide further security, the PIN is, typically, also encrypted before it is communicated onto the network. If PINs, particularly encrypted PINs, were not utilized, credit cards, ATM cards, and the like, or information magnetically encoded thereon could be misappropriated and used without proper authority.
Though PINs reduce unauthorized use of credit cards and ATM cards, PINs may be misappropriated by electronically eavesdropping for a PIN entered into a keypad. Such eavesdropping, however, requires that the PIN be intercepted before it is passed to, and encrypted by, a processor in preparation for transmission onto the network. To curb such interception and any tampering of the keypad and processor, the processor is typically embedded in a mass of material such as a two-part epoxy resin which is potted to the keypad, thereby integrating the keypad and processor into a single module. To intercept PINs before they pass to and are encrypted by the processor, the processor must be separated, or detached, from the keypad. To so separate the keypad and processor, the epoxy must be soaked in solvent for an extended period of time, on the order of several weeks. However, during such soaking process, the solvent would also remove electrical traces from the processor and associated circuitry, thereby effectively destroying the module.
While providing security and "tamper-resistance," a drawback to the foregoing technique of embedding the processor in epoxy is that, if an integrated keypad and processor module malfunctions, then, because the keypad cannot be detached from the processor, it is often difficult to diagnose the source of the malfunction, much less to repair it. As a consequence, rather than repair a faulty module, the entire module is typically disposed of and replaced with a new module. This is very uneconomical because the source of a malfunction is typically the keypad which represents only about 20% or less of the cost of the security module. Therefore, if the keypad could be detached from the processor and separably serviced or replaced, a repair savings of over 80% could result.
A corollary drawback to replacing modules instead of repairing them is that, because there are a large number of combinations of different keypad designs and processor designs, it is unwieldy and uneconomical to stock all such combinations as assembled modules potted in epoxy. Therefore, keypads and processors are typically potted together in epoxy as needed. Since the epoxy may require more than a day in an oven to cure (i.e., harden) replacements are accordingly delayed.